Knowledge Tree
Home Research Docs About
concept

CI/CD pipeline

Also known as: Continuous Integration/Continuous Deployment pipelines, CI/CD pipeline, CI/CD pipelines, CI/CD, CI/CD build pipelines, CI/CD workflows

Facts (14)

Sources
bureado/awesome-software-supply-chain-security - GitHub github.com GitHub 6 facts
claimgh-guard is a CI/CD supply chain hardening plugin for Claude Code that guides Rust projects to achieve OpenSSF Scorecard scores, Trusted Publishing, SLSA L3 provenance, and dependency auditing with interactive hardening levels.
referencePipeline Sentinel, developed by appsec-jedi, is an eBPF-powered security monitor for CI/CD build pipelines that detects and blocks suspicious process executions to prevent supply chain attacks during the build phase.
referenceThe 'spdx-sbom-generator' project by opensbom-generator supports the generation of Software Bill of Materials (SBOMs) via golang tooling in CI/CD pipelines.
referenceNIST Special Publication 800-204D provides guidance on integrating supply chain security into CI/CD pipelines, including recommendations for secure builds, artifact management, and zero-trust principles.
referenceThe 'swingletree' project by swingletree-oss is a tool designed to integrate and observe the results of CI/CD pipeline tools.
referenceRatchet is a tool developed by sethvargo used for securing CI/CD workflows through version pinning.
Open-Source Governance And Open Source Collaboration - Meegle meegle.com Meegle 2 facts
claimRecommended tools for open-source governance and collaboration include GitHub, GitLab, Slack, Jira, and CI/CD pipelines for code management, communication, and workflow automation.
procedureEffective open-source governance and collaboration leverages version control systems (GitHub or GitLab), communication tools (Slack, Discord, or mailing lists), CI/CD pipelines for automation, issue tracking tools (Jira or Trello), and analytics tools to monitor project metrics.
Open source software best practices and supply chain risk ... - GOV.UK gov.uk Department for Science, Innovation and Technology Mar 3, 2025 2 facts
claimSoftware composition analysis (SCA) can be used to conduct regular vulnerability assessments, be implemented as part of the continuous integration/continuous deployment (CI/CD) pipeline, and be used to enforce an open-source software policy (Alvarenga, 2023a).
claimContinuous monitoring of open-source software components can be performed manually, but is often automated and integrated into an organization's continuous integration/continuous deployment (CI/CD) pipeline.
Cybersecurity Trends and Predictions 2025 From Industry Insiders itprotoday.com ITPro Today 1 fact
claimDevelopers can integrate AI with automated tooling and CI/CD pipelines to quickly identify and fix coding flaws.
What is Open Source Software? Definition Guide, Benefits & Types sonarsource.com SonarSource 1 fact
claimSonarQube Server integrates with CI/CD workflows and DevOps platforms to improve code quality, performance, security, and maintainability.
A Mixed-Methods Study of Open-Source Software Maintainers On ... arxiv.org arXiv Feb 3, 2025 1 fact
claimOSS maintainers struggle with developing patches because some Platform Security Features (PSFs) lack core CI/CD processes, which leads to broken tests and builds.
Best practices for version control to enhance development workflows harness.io Harness Mar 17, 2025 1 fact
procedureTokens, credentials, and API keys should not be stored in repositories; instead, developers should use dedicated secret management tools that integrate with CI/CD pipelines.